How to Set Up SSH on a Cisco Switch

There are 3 main steps to follow in order to set up SSH on a Cisco switch, and each of the 3 parts has a few sub-steps as well. One thing you will have to decide early on is how you are going to authenticate your users. Are you going to use a local username/password database on the switch, or are you going to manage it centrally using a RADIUS server?

For this example we are going to use local usernames and passwords. This allows the post to remain a bit more Cisco neutral and gives you the foundation for when you are ready to tackle RADIUS authentication. I hope in a few weeks to post on how to do it with a Microsoft RADIUS server.

Cisco SSH Setup – Part One

First enter global configuration mode by typing “conf t”

Enter VTY configuration. Type “line vty 0 15”

Edit the Telnet/SSH authentication by typing “login local”. This tells the switch to use its own local database.

Type “exit” to leave the VTY line configuration

Cisco SSH Setup – Part Two

Add a local user account to the switch. To do this type: “username jared password MySecretPassword”.

Cisco SSH Setup – Part Three

Specify the domain name: “ip domain-name domain.com”

Create the key: “crypto key generate rsa”

Tell it to use 1024 bits

Tell the switch to use SSH ver. 2: “ip ssh version 2”

Bonus SSH Setup Step

Prevent people from using Telnet and force them to use SSH. Type: “transport input ssh”. This command has to be run under the VTY line configuration.

Once you have tested the login you will want to test the username and password combo 🙂
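
An added example, not part of the original post: a small Python check that reads a saved running-config and reports anything that departs from the steps above, including VTY lines that were missed because the commands were applied to fewer lines than “line vty 0 15” covers. The sample config is constructed and the function name audit_ssh_config is hypothetical; the check for “username ... password” (stored without the hashing that “username ... secret” gives) goes beyond the steps in the post.

```python
import re

# Constructed sample: vty 0 4 follows the steps above; vty 5 15 was left untouched.
SAMPLE_CONFIG = """\
ip domain-name domain.com
username jared password 0 MySecretPassword
ip ssh version 2
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
end
"""

def audit_ssh_config(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lines = config.splitlines()
    if not any(re.match(r"ip domain[- ]name \S+", ln) for ln in lines):
        findings.append("no ip domain-name set")
    if not any(ln.strip() == "ip ssh version 2" for ln in lines):
        findings.append("ip ssh version 2 not set")
    for ln in lines:
        m = re.match(r"username (\S+) password\b", ln)
        if m:  # hardening check added here, not a step from the post
            findings.append(f"user {m.group(1)}: 'password' keyword, not hashed 'secret'")
    # Collect the indented sub-commands under each "line vty" block.
    block, vty = None, {}
    for ln in lines:
        if ln.startswith("line vty "):
            block = ln.strip()
            vty[block] = []
        elif ln.startswith(" ") and block:
            vty[block].append(ln.strip())
        else:
            block = None  # any other top-level command ends the block
    for name, cmds in vty.items():
        if "login local" not in cmds:
            findings.append(f"{name}: login local missing")
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: transport input is not ssh-only")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG):
        print(finding)
```

To check a real switch, save the output of “show running-config” to a file and pass its contents to the function.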